The environmental impacts of the unsustainable consumption of goods and growing amounts of waste are becoming the subject of more and more debate in the EU. In this context, the European Commission wants to improve the sustainability of products that use large quantities of materials, energy, and other resources and cause significant environmental impacts throughout their lifecycle. The App Association fully supports this objective. To achieve this goal, the Commission recently presented a new legislative proposal for a ‘regulation on establishing a framework for setting ecodesign requirements for Sustainable Products and repealing Directive 2009/125/EC’. This proposal, also known as the Sustainable Products Initiative, will apply to a broad range of products and set requirements for various devices, including electronic devices, and consequently, software running on them. However, the devil is in the details, and in its current form this proposal could have serious negative consequences on app developers and their users. Let us explain why.
Most importantly, we have concerns about the proposed provisions targeting software updates, which seek to combat the ‘programmed obsolescence’ of devices. While it is important to ensure that companies do not intentionally degrade the functioning of their users’ devices to drive up sales, the text’s provisions to prevent this could have broader negative implications on app developers and consumers. In particular, the text requires that software and firmware updates should not worsen the performance of devices. This provision would thus obligate companies to tell consumers if a software update risks ‘negatively’ impacting the performance or speed of their device, and consequently allow them to reject such updates. This latter point is especially concerning.
One problem is that as a device’s battery gets older, processing capacity naturally decreases and may, over time, be unable to support software upgrades which enable new functionalities and are crucial for cybersecurity. While enabling users to reject software and firmware updates might seem like the silver bullet to make mobile devices last longer, such provisions go far beyond the sustainability debate. Not only will this put users’ privacy and security at risk, but it could also considerably harm small app developers in terms of business security, costs, and innovation.
How will the new ecodesign rules impact small app developers?
A requirement for device operators to allow users to reject software updates or undo operating system (OS) upgrades as suggested by a separate draft regulation on ecodesign requirements specifically for mobile phones significantly raises cybersecurity risks, may harm innovation, and could increase costs to prohibitive levels for small developers.
Increased cybersecurity risks
The possibility of rejecting a newer version or downgrading to an older version of an OS comes with serious cybersecurity concerns. OS upgrades are the primary tool to patch vulnerabilities and increase user security, meaning that devices with an outdated OS will become more vulnerable to cyber threats and significantly increase their risks of being hacked or attacked by malware. For instance, the infamous ‘Wannacry’ malware attack, which affected hundreds of thousands of devices in more than 150 countries in 2017, could have been mitigated if users had updated their OS. Evidently, OS updates and upgrades are essential to keep up with and prevent constantly changing cyber threats. Any European legislation that promotes ‘retrograding’ or rejecting upgrades that would make a device more secure endangers the cybersecurity of electronic devices and, thus, puts consumers at risk. As a result, such legislation could reduce trust in the app ecosystem, on which small app developers heavily rely. The trust that consumers have in the app ecosystem enables them to compete with larger players on a level playing field, and the European Commission must work to preserve that trust rather than disrupt it.
Harms to innovation
App developers face a serious risk of cost increases and fragmentation if they must support versions of their apps for too many (outdated) OS versions. Releasing an app or an update for an existing app is much harder to do if app developers have to test it and keep it functional on all existing and previous versions of the OS, which users may continue to use if they reject upgrades. Small app developers would need to provide technical support and tailored instructions to consumers for all the different OS versions, as well as offer the possibility for the app to be up to date for all previous versions. These implications of the proposed requirement are disproportionate and possibly prohibitive in terms of financial and human resources for small businesses.
Increased costs for small app developers
Running all the previous OS versions of an application takes considerable amounts of time. Software developers commonly implement the ability to upgrade an app’s data to a newer version to make sure that existing users can use new features. Because new software typically adds features, this process is usually straightforward. If a developer’s app now has to support downgrading, things get much more complicated. For one, new ways (i.e. updates) of using the software re-organise the data and interweave it with new features that older software versions did not support. The old data structures, thus, don’t have anywhere to put this information, making downgrading potentially impossible without data loss. Additionally, the complexities of implementing and testing these capabilities across multiple versions add an unreasonable burden for developers and creates confusion, all for little or nothing in return.
As a result, small app developers may be unable to introduce new features to improve the functionality of their app, simply because they do not have the time. New devices introduce new OS upgrades and new functionalities on which developers innovate with the final goal to improve the user experience. If a consumer can reject an upgrade to a newer OS version, it creates both business development uncertainties and reduces the uptake of innovative apps. As a result, such a requirement generates new obstacles for developers to innovate to the detriment of consumers themselves.
How can we improve the new ecodesign rules?
We recognise the importance and urgency of the digital and green transitions, and legislation that enhances more sustainable use of electronic products and maintains products in the market longer is an important part of those transitions. Policymakers need to address the digital and green transitions jointly to consider their respective challenges holistically. By including software in the scope of these new ecodesign rules lawmakers risk hindering the digital transition by enabling users to use devices that are less safe.
As such, including software in the new ecodesign rules may hinder app developers from innovating on top of the most secure software and device upgrades. Smartphones, like other electronic devices, simply become less efficient after a certain period, but we believe that should not enable users to reject software upgrades that increase cybersecurity and improve the functionality of a device. Making device use safer is a fundamental step to further increasing trust in the mobile app ecosystem, which is crucial to small developers’ success.
To improve the new rules, we encourage European decision-makers to future-proof legislation by considering the two transitions as inseparable twins that we have to accomplish together rather than pushing forward one at the expense of the other.